A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by any one of the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
A. Field of the Invention
The present invention relates generally to a microprocessor controlled security system for computers, especially personal computers. More particularly, it relates to a computer security system accessed by magnetically encoded cards that allows control of personal computer access and time usage, internally recorded data and attached peripheral devices.
B. Description of Related Art
With personal computers and their applications becoming more commonplace, an increasing number of such computers are being placed in multi-user environments. For example, universities and other educational institutions often give their students access to many personal computers, and allow the same computer to be used by any of a number of different students. Typically, a university or other institution might make personal computers available in a library for the use of students who are studying or conducting research.
Similarly, businesses will often make one or more personal computers available for use by multiple employees, who perform the same or similar tasks, or who may even perform dramatically different tasks. In either circumstance, the computer may have any of a variety of built-in or peripheral features, such as disk drives (floppy disks, hard disks, CD ROM's, etc.), printers, optical scanners, modems, FAX machines, MIDI devices, or video devices.
When personal computers are made available for use by multiple individuals, the organization owning the computer often wants to maintain control of the access to those computers, and their peripherals. Thus, educational institutions and businesses may keep their personal computers within locked rooms and allow entry into the room only by those with authorization to access the computers.
Organizations having such multi-user computers often seek to allocate the expenses for each computer's use, either in the organization's accounting procedures or through actual charges to users. Such charges are either made directly to the individual users, or are allocated for accounting purposes in accordance with the tasks performed by those individuals. Thus, a university may keep track of the students who use computers and their peripherals by academic department to determine whether more expenses associated with personal computers should be allocated to one department or another, or the university may require students or other users to "pay by the hour" for their actual use of computer time. Likewise, organizations may want to limit access to certain costly peripherals, such as laser printers. Business environments have similar requirements.
Computer-owning institutions could, of course, place each computer within a locked room (with different rooms having different combinations of peripherals) and allow students or other users access to those rooms only for limited and carefully controlled times. However, a simple locked room is often inadequate to provide proper security for personal computer data and makes accurate accounting of the individuals who use computers and their peripherals, and the amount of use by each individual difficult. Such methods are cumbersome and, in any event, unlikely to be followed with the consistency necessary for accurate accounting or cost charging.
Another potential multi-use circumstance for personal computers is in a classroom environment, where one "master" computer, associated with an instructor, displays its data on the screens of a number of "slave" computers, each associated with one or more students. These screens and their internal hard drives can also be driven by the "master computer" independent of individual computers. In that circumstances, the instructor often wants control over the activation of the individual computers or screens so as to fully control the lecture or other educational environment. Aside from physically disabling the "slave" computers, hard drives, or screens by, for example, disconnecting the equipment from its power source, few methods have been traditionally available for allowing instructors to have such control.
Due to the need for security for personal computer systems, it is not surprising that considerable effort has been made in the prior art to meet the needs of computer-owning institutions. Simple password techniques are perhaps the most familiar, where access is gained by the user by entering a password into the computer. Password generating machines combined with computer interfacing devices are also known int he art, one example being U.S. Pat. No. 4,800,590 issued to Vaughn. Other security techniques include call and call back systems, security by encoding messages and data, and "trapdoor" encryption schemes. However, such computer access and security techniques each have their limitations. Most do not provide for limited time access, and some are too expensive or impractical for personal computers or personal computer networks. Additionally, many prior art methods are not suitable for selective access to peripheral devices linked together through a peripheral data bus to a master computer.
Accordingly, it is an object of this invention to provide a system for controlling access to personal computer and peripheral devices to authorized users.
It is also an object of this invention to provide a computer security system that is suitable for personal computers, and that is both practical and of reasonable cost.
A further object of this invention is to provide security for data that is held within such personal computers, when the data is held within internal or physically attached hard disks or other data storage devices.
Yet another object of this invention is to provide a means for accurately recording and accounting for the time used by each computer users on the equipment. A related object is to provide an ability to disable the operation of personal computers when their operation is not authorized, or when the elapsed time used by a computer user reaches a predetermined time limit.